Key Vulnerability Information from Screenshot:

Vulnerability: Heap-use-after-free in (stale XImage)
Severity: Moderate
CVE ID: CVE-2026-25955
Affected Versions: <= 3.22.0
Patched Versions: 3.23.0
Weakness: CWE-416 (Use After Free)

Details:

- Summary: reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer. frees without invalidating the that still references it.
- Impact: A malicious server can trigger a client-side heap use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout.
- PoC:
  1. Connect an client to a malicious RDP server that advertises RAIL and RDPGFX support.
  2. The server creates a RAIL window and opens the RDPGFX dynamic channel.
  3. Server sends paint orders, client caches XImage referencing .
  4. Surface deletion; stale XImage still references .
- Patch Suggestion: Invalidate the cached when the surface it aliases is deleted. Use to notify the X11 client layer, which should call to clear the stale reference.
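
Added example, not code from the advisory or from the affected project: a minimal C model of the invalidation pattern the Patch Suggestion describes, where deleting a surface notifies the display layer before the pixel buffer is freed. All type and function names (surface_t, cached_image_t, window_t, surface_delete, window_surface_deleted and the rest) are hypothetical stand-ins for the identifiers missing from the text above.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model; every type and function name here is hypothetical. */
typedef struct surface surface_t;
struct surface {
    unsigned char *data;                        /* pixels, owned by the surface */
    size_t len;
    void (*on_delete)(void *ctx, surface_t *s); /* hook into the display layer */
    void *ctx;
};
typedef struct { const unsigned char *pixels; size_t len; } cached_image_t;
typedef struct { cached_image_t *image; surface_t *source; } window_t;

/* Display layer: drop the cache when the surface it aliases is deleted. */
static void window_surface_deleted(void *ctx, surface_t *s) {
    window_t *w = ctx;
    if (w->source != s) return;   /* cache aliases some other surface */
    free(w->image);               /* wrapper only; the pixels belong to s */
    w->image = NULL; w->source = NULL;
}
surface_t *surface_create(size_t len) {
    surface_t *s = calloc(1, sizeof *s);
    if (!s || !(s->data = calloc(1, len))) { free(s); return NULL; }
    s->len = len;
    return s;
}
/* Notify first, then free, so no cache outlives the buffer it points into. */
void surface_delete(surface_t *s) {
    if (!s) return;
    if (s->on_delete) s->on_delete(s->ctx, s);
    free(s->data); free(s);
}
/* Cache an image aliasing s->data and register for s's deletion. */
int window_cache(window_t *w, surface_t *s) {
    cached_image_t *img = malloc(sizeof *img);
    if (!img) return 0;
    img->pixels = s->data; img->len = s->len;
    free(w->image);               /* replace any earlier cached wrapper */
    w->image = img; w->source = s;
    s->on_delete = window_surface_deleted; s->ctx = w;
    return 1;
}
/* Paint from the cache; returns 0 once the cache has been invalidated. */
int window_paint(const window_t *w, unsigned char *out, size_t n) {
    if (!w->image || n > w->image->len) return 0;
    memcpy(out, w->image->pixels, n);
    return 1;
}
```

After surface_delete the window holds no pointer into the freed buffer, so a later paint request takes the "no valid cache" path and never dereferences stale memory.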